Month: July 2023

Compliance management: Why you’re awake

Compliance is all about juggling different concerns across multiple levels and not letting the stress win. While it may seem like an exercise in futility, there are certainly better ways to manage each aspect than simply going it alone.

But before we get ahead of ourselves, let’s take a moment to consider the current landscape and factors that impact compliance.

Modern threat landscape

Cybersecurity and compliance require dealing with a lot of moving parts to achieve the balance that’s right for your company. When speaking of both, we’re specifically referring to risk and the significant role it plays in weakening security, in turn, causing endpoints to become out of compliance.

Take for example ransomware, also known as the “fastest growing type of cybercrime,” according to Cybercrime Magazine. While current estimates place the median cost of a ransomware attack at $10 million, it should come as no surprise that the global cost of ransomware hovered at $20 billion as of 2021. And if that weren’t bad enough, it is expected to swell to $265 billion by 2031, according to security experts, KnowBe4.

What’s causing this, you ask? It’s a perfect storm of:

• the human element that was responsible for 74% of attacks
• difficulty of law enforcement to prosecute crimes at a global level
• victims’ willingness to pay ransom to salvage impacted businesses

While ransomware threats only make up a part of the overall risk impacting organizations, its growth is a clear signal that there’s money to be made, and bad actors are cashing in by exploiting risk factors. But costs stemming directly from threats are just a part of the financial equation, indirect costs, such as those relating to fighting off attacks or remedial costs resulting from leaks of protected data, like student or health records add to the overall economic impact.

Of course, then there’s the impact on an affected company’s reputation as it relates to a data breach. All told these compounding factors result in publicly traded companies suffering “an average decline of 7.5% in their stock values, coupled with a mean market cap loss of $5.4 billion.” In short: a ripple effect is not uncommon after each data breach, which reverberates throughout the entire supply chain, coupled with an average delay of 46 days, which means impacted organizations can stand to lose billions of dollars in lost market cap and increased operational costs before their stock prices can recover to pre-breach levels — if they are able to do so at all.

Additional challenges facing IT compliance management right now are:

• Limited resources and manpower to effectively manage and maintain compliance requirements
• An increasingly complicated technology stack
• Poor communication across stakeholders and leadership
• Cost constraints at a time when more budget is needed to achieve compliance
• Manual, time-consuming processes that put even more pressure on resources and manpower
• Limited visibility into your security and compliance posture
• Inefficient evidence collection, like screenshot-based evidence and stakeholder dependency

Many of the challenges facing the compliance landscape today are interconnected within an ecosystem of risk, such as: cyber security threats, user-introduced concerns, like Shadow IT, device and resource management, distributed workforces, cloud-based software, regulatory oversight and constant monitoring and visibility into endpoint health.

Key findings

The State of Security compliance report, a report released annually by anecdotes that conducts a broad study of statistics and insights collected from compliance leaders across tech companies of all stages of maturity and growth found that “88% of compliance leaders must overcome significant obstacles when implementing and growing their security compliance programs.”

Additionally, anecdotes research found these other challenges:

• 50% of compliance teams cite a lack of automation as a reason for delays in the audit process.
• 47% of leaders agree that a lack of manpower is among the greatest challenges that keep them up at night.
• 29% of compliance leaders cite a lack of budget as a main challenge instead of as a business enabler.
• 25% of respondents say that their leadership continues to view compliance as a burden and does not view the adoption of frameworks as a technical necessity.

What can take the edge off of managing compliance? Automation, of course

Data-powered automation simplifies compliance procedures and processes by leveraging technology to minimize complexity. Relying on automated functionality not only replaces manual and repetitive tasks but doing so also streamlines them while greatly reducing the likelihood of the occurrence of error-prone processes. The result? Achieving standardized compliance within your data-driven ecosystem serves to strengthen your posture while leveraging technology and tooling to perform the heavy lifting.

It’s resting your weary compliance head down on the soft pillow of automation and data that provide you with true visibility into your posture to identify gaps. So, bid a not-so-fond farewell to nagging, chasing, managing, checking, asking, and driving the compliance agenda across the organization and multiple stakeholders.

What are some of the other benefits of automating your compliance program help?

• Save your organization time by streamlining the tedious, time-consuming and manual process of gathering evidence
• Maximize productivity by efficiently making the best use of resources and stakeholders
• Gain deep visibility and share that insight through robust collaboration tools
• Improve the ease with which credible data is gathered and accepted by world-leading audit firms

anecdotes works to simplify your compliance management system

Despite the challenges cited above, managing compliance requirements at the enterprise level doesn’t have to be so stressful.

Enter Compliance OS by anecdotes.

With capabilities that provide more than mere PDFs, templates or test results — leveraging anecdotes “provides data-powered automation that takes your compliance to the next level.” We believe credible, visible and actionable data should be the foundation of every compliance initiative.

How does anecdotes help you manage your compliance goals?

By implementing the anecdotes Compliance OS within your organization, teams are supercharged and silos are broken down to not just save you time and resources but drive collaboration and communication.

We’re talking about data that works for you, not the other way around.

The ultimate goal? To give your organization complete control and visibility over the many data points that will drive your security compliance program to success. Some of the ways anecdotes works for you to deliver real, continuous compliance are:

• It connects directly to your tech stack and performs all the evidence collection concisely and automatically across different platforms and multiple stakeholders.
• By ensuring robust compliance management with mandated compliance frameworks that take advantage of the intelligent cross-mapping capabilities to help you grow your program, without growing your workload.
• Utilizing a feature-rich toolset to collaborate with different stakeholders while centralized communications ensure that even the smallest of compliance details don’t fall through the cracks.
• Contextualizing data sets that are not just easy and intuitive, but ecosystem-vetted structured data that is ready to use, serving as the basis for current and future compliance requirements.

anecdotes + Jamf

Two great solutions that, when combining anecdotes and Jamf, compliance and mobile device management (MDM) optimize security through automation and device security. Security teams can guarantee the safety of their devices and data, mitigate risks, and minimize the chances of breaches while compliance leaders ensure that compliance is maintained every step of the way — both working together to reduce risk that may otherwise harm your company’s reputation.

By integrating the anecdotes Compliance OS and Jamf Pro, the former automatically collects data that serves as evidence critical to your compliance status directly and securely from the latter. It then maps the data gathered to relevant controls within the anecdotes compliance OS. This level of data-powered compliance realizes live data, advanced automation and other applications integrated securely to gain comprehensive visibility into your compliance posture.

Armed with deep insight into your current compliance posture, Compliance OS aids organizations by converting manual, time-consuming and siloed tasks into an automated, continuous and strategic compliance journey, while Jamf delivers a comprehensive management system for Apple macOS and iOS-based.

In short: anecdotes + Jamf deliver managed security compliance for every device through an advanced, automated ecosystem that transforms your compliance program from what currently it isto exactly where it needs to be.

Jamf Account is an online portal where you can find and manage features related to your account with Jamf. You can access Jamf products, manage your Jamf identity, enroll in training courses, participate in Beta/RC programs, and more!

Read on for highlights of how Jamf Account enables you to unlock the full potential of everything Jamf has to offer, accessed from one convenient place.

Jamf ID multi-factor authentication for Jamf Account

As of June 15, customers logging into Jamf Account with Jamf ID have a new option on their Profile > Security page to enable Multi-Factor Authentication (MFA) via TOTP codes (e.g. apps like Google Authenticator, Authy, etc.) Other factors such as SMS or email-based MFA are not supported. Currently this setting only applies to Jamf Account.

Admin SSO

Organization administrators can now configure their identity provider (IdP) once, in Jamf Account, with the configuration persisting across all Jamf products (including Jamf Account) that implement login via a customer’s chosen IdP.

Users who rarely access Jamf Account — e.g. only at renewal time — will no longer have to create or remember their Jamf ID. Enabling users to configure SSO credentials both increases efficiency and decreases the risk of forgotten passwords.

For users who do not have an identity provider or choose not to configure it with Jamf, the login experience will remain as Jamf ID or the application’s legacy authentication method. For more details read our Admin SSO blog.

Training

View available training courses, manage your upcoming enrollments and download certificates for completed enrollments in the “Training” area.

Training Passes are also available for purchase for either individuals or organizations. These can be applied during course enrollment.

Team member management

Manage all of your organization’s contacts and their access to Jamf in the “Your Organization” area.

The “Your Organization” section in Jamf Account allows you to:

• Add new team members to the organization’s account. This action automatically sends contacts an invitation to create a Jamf ID if they don’t already have one.
• Remove team members when they leave the organization.
• Manage access to Jamf products.
• See who changed what and when within Jamf Account via “Activity History.”
• Assign roles (Decision Maker, Primary Technical, End User, Finance) and privileges:
  • An “Organizational Admin” can add, remove, or manage team members.
  • A “Viewer” has read-only access to “Your Organization” feature.
  • “None” does not have any access to the “Your Organization” feature.

Jamf Pro upgrades

Don’t forget that customers can upgrade standard Jamf Cloud instances directly from Jamf Account. If your Pro instance is not on the most recent version, you see an “Upgrade” button. You are given a choice to either upgrade immediately or schedule a specific date and time.